CVE-2024-50233

Summary

In the Linux kernel, the following vulnerability has been resolved:

staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()

In the ad9832_write_frequency() function, clk_get_rate() might return 0. This can lead to a division by zero when calling ad9832_calc_freqreg(). The check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect against the case when fout is 0. The ad9832_write_frequency() function is called from ad9832_write(), and fout is derived from a text buffer, which can contain any value.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxea707584bac187c9c6c64c4eacd1c09bcc08f37b < fcd6b59f7a774558e2525251c68aa37aff748e55affected
LinuxLinuxea707584bac187c9c6c64c4eacd1c09bcc08f37b < 442f786c5bff8cfd756ebdeaa4aadbf05c22aa5aaffected
LinuxLinuxea707584bac187c9c6c64c4eacd1c09bcc08f37b < 2f39548f45693d86e950647012a214da6917dc9faffected
LinuxLinuxea707584bac187c9c6c64c4eacd1c09bcc08f37b < ccbc10647aafe2b7506edb4b10e19c6c2416c162affected
LinuxLinuxea707584bac187c9c6c64c4eacd1c09bcc08f37b < adfbc08b94e7df08b9ed5fa26b969cc1b54c84ecaffected
LinuxLinuxea707584bac187c9c6c64c4eacd1c09bcc08f37b < dd9e1cf619c945f320e686dcaf13e37ef0b05fddaffected
LinuxLinuxea707584bac187c9c6c64c4eacd1c09bcc08f37b < 6bd301819f8f69331a55ae2336c8b111fc933f3daffected
LinuxLinux2.6.39affected
LinuxLinux0 < 2.6.39unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.229 <= 5.10.*unaffected
LinuxLinux5.15.171 <= 5.15.*unaffected
LinuxLinux6.1.116 <= 6.1.*unaffected
LinuxLinux6.6.60 <= 6.6.*unaffected
LinuxLinux6.11.7 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References